feat: make nixos-laptop empheral

nixos
Moritz Böhme 2023-09-25 18:29:29 +02:00
parent 0603a18d9e
commit f43b993869
Signed by: moritz
GPG Key ID: 970C6E89EB0547A9
12 changed files with 355 additions and 182 deletions

View File

@ -25,11 +25,11 @@
]
},
"locked": {
"lastModified": 1690228878,
"narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
"lastModified": 1695384796,
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
"rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
"type": "github"
},
"original": {
@ -41,11 +41,11 @@
"arkenfox-userjs": {
"flake": false,
"locked": {
"lastModified": 1693196107,
"narHash": "sha256-t6qvPFJIF+De2KqMfCI5DEA40BwWeu4AFRWOzKeEVE0=",
"lastModified": 1695299795,
"narHash": "sha256-rl6WSgyXTbSLXL3ItpbfToSPAS4+rftojSzFWxNuHU4=",
"owner": "arkenfox",
"repo": "user.js",
"rev": "ba173d49205ee927ed62e81e606569d98f531d38",
"rev": "56f51203bf4fea8aa778b792269205d275a62665",
"type": "github"
},
"original": {
@ -93,6 +93,24 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1695380190,
"narHash": "sha256-v1TwBU/mKroZZPWYXujAfOHfIaQw44swa50Jgdkr7OE=",
"owner": "nix-community",
"repo": "disko",
"rev": "98a6ab9b52f8b06db9c3116b1761bbeaf9484408",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -207,11 +225,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1692799911,
"narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
@ -297,7 +315,7 @@
"inputs": {
"flake-parts": "flake-parts_3",
"haskell-flake": "haskell-flake",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1688568579,
@ -379,11 +397,11 @@
]
},
"locked": {
"lastModified": 1693972774,
"narHash": "sha256-Dt9UZs0/DaIex598quYRYFuGabUbvFdNrHuvGc6HjBc=",
"lastModified": 1695550077,
"narHash": "sha256-xoxR/iY69/3lTnnZDP6gf3J46DUKPcf+Y1jH03tfZXE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b22d7bab30076bbb73744867d6c5bf7d6380570c",
"rev": "a88df2fb101778bfd98a17556b3a2618c6c66091",
"type": "github"
},
"original": {
@ -394,14 +412,14 @@
},
"hypr-contrib": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1693839821,
"narHash": "sha256-ha9Cxqb81Yni217SoM/zFxE0nNz8IMtreTw4SlXw/D4=",
"lastModified": 1695455081,
"narHash": "sha256-AtAMze2J5Maol28OLQoCFgppRWEy06Mn9RhduXNmhiI=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "74aa6b02ff4bd48aaee4da461a16c4cbaaa0ca7e",
"rev": "33663f663e07b4ca52c9165f74e3d793f08b15e7",
"type": "github"
},
"original": {
@ -413,17 +431,17 @@
"hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"systems": "systems_2",
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1693944974,
"narHash": "sha256-kWa86ahIQvQIgo3GYFJShlBuKTXfggVbrZjkbdjct7U=",
"lastModified": 1695558936,
"narHash": "sha256-KcSkwSDlrt3Xwtit+NTu2aToiRm5Aho9joj2r6nb19w=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "c3a83daa1e61285a418c39a1d9f29427c2c9a2c3",
"rev": "352ceb1117b79cd0bc3fa86ebe435b6909512ddb",
"type": "github"
},
"original": {
@ -459,14 +477,14 @@
},
"hyprpaper": {
"inputs": {
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1692480535,
"narHash": "sha256-3Q0Uz/JPW9USHyAmrzRl6KhZLqMYTWkmtL3RA+oAeVY=",
"lastModified": 1694600309,
"narHash": "sha256-d9LcB+D0bfMu+8UhnUVJ/DX5OVTX6o5dIntdVqEeQDA=",
"owner": "hyprwm",
"repo": "hyprpaper",
"rev": "5e73eb60552d48d55541c60f9a8da2b666003fe6",
"rev": "e5a18a171d5d6e7c6b9ffdfb9e86fb09055964a1",
"type": "github"
},
"original": {
@ -475,6 +493,21 @@
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1694622745,
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
@ -493,11 +526,11 @@
},
"master": {
"locked": {
"lastModified": 1693980916,
"narHash": "sha256-J7JJCpNiHbXb3D7pb1JkeOTUEpJJXiGI6BngfbnhiIM=",
"lastModified": 1695566498,
"narHash": "sha256-pitC2KSFFQr0VVWTWrhOYM3JkHMTGJ+n2f3swZNRjq8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6485865ec300c7baf9e51ad5d64c30355ee511e7",
"rev": "46338210c41bbb92502517cccbb2223973a17a62",
"type": "github"
},
"original": {
@ -538,11 +571,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1693954768,
"narHash": "sha256-DIyHgdfhmftTN2aHVEmJ1q/W2o0Slild0McAf4sEa8U=",
"lastModified": 1695509205,
"narHash": "sha256-nV3opNLzLMfzL0yI+xnIeNIOnvOI467CiABxHTQUrwY=",
"owner": "neovim",
"repo": "neovim",
"rev": "2ef7b6a433c61837bcef0fca297a665551835423",
"rev": "bc0bf9d030bbcb01db69c44cf88b95ca41dd3065",
"type": "github"
},
"original": {
@ -558,14 +591,14 @@
"flake-parts": "flake-parts",
"hercules-ci-effects": "hercules-ci-effects",
"neovim-flake": "neovim-flake",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1693958686,
"narHash": "sha256-UgdB+EXYbi90vm2fam4tYgY9hYGwxSk0sxG96jIyeg4=",
"lastModified": 1695513850,
"narHash": "sha256-tzhm05TH22eI+ePzuPHrMgq2sjLkEW1q1E515+VRVuw=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "14defe836200c45acf14f3616d7ba20959028cf8",
"rev": "07c3b00574cb6645d92786c5a5531cb20426785d",
"type": "github"
},
"original": {
@ -585,11 +618,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1693724255,
"narHash": "sha256-+Ucv/aBN9wwRE62sUJEBocI+9no7PV4KRDNuFQgygzU=",
"lastModified": 1695485017,
"narHash": "sha256-aQyRBJnT4tftexM/Y3etfOk8tfMFZzt+vSVtL2J0KLY=",
"owner": "oxalica",
"repo": "nil",
"rev": "4bdcfcfe38cfcb386142e043392afbfa542665dd",
"rev": "510bc6e9b41d39c81b9c815065cb5b7e23a2428c",
"type": "github"
},
"original": {
@ -623,11 +656,11 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1692913762,
"narHash": "sha256-WIz/rGYBUdRtkZx5BPbE9DXHfUCKlYuKkPzDsP4u77w=",
"lastModified": 1695405275,
"narHash": "sha256-R4TX73TAzrW03Rdsa4HNz5ASKx5S1AKa/3SAntUHglg=",
"owner": "privatevoid-net",
"repo": "nix-super",
"rev": "0007178284d0247631af40931b7039d42bfc0da5",
"rev": "cae2c834f2a19db35cd46d233f5b59086b24a6f1",
"type": "github"
},
"original": {
@ -638,16 +671,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1658161305,
"narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=",
"lastModified": 1694948089,
"narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9",
"rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -704,11 +737,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1693158576,
"narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=",
"lastModified": 1658161305,
"narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780",
"rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9",
"type": "github"
},
"original": {
@ -719,6 +752,22 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1694767346,
"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ace5093e36ab1e95cb9463863491bee90d5a4183",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1683014792,
"narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
@ -734,7 +783,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1688322751,
"narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=",
@ -750,39 +799,39 @@
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1693844670,
"narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1693844670,
"narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
"owner": "nixos",
"lastModified": 1695318763,
"narHash": "sha256-FHVPDRP2AfvsxAdc+AsgFJevMz5VBmnZglFUMlxBkcY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1",
"rev": "e12483116b3b51a185a33a272bf351e357ba9a99",
"type": "github"
},
"original": {
"owner": "nixos",
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1695318763,
"narHash": "sha256-FHVPDRP2AfvsxAdc+AsgFJevMz5VBmnZglFUMlxBkcY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e12483116b3b51a185a33a272bf351e357ba9a99",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1689261696,
"narHash": "sha256-LzfUtFs9MQRvIoQ3MfgSuipBVMXslMPH/vZ+nM40LkA=",
@ -798,7 +847,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1692934111,
"narHash": "sha256-9EEE59v/esKNMR5zKbLRV9NoRPYvERw5jHQOnfr47bk=",
@ -836,15 +885,15 @@
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1692274144,
"narHash": "sha256-BxTQuRUANQ81u8DJznQyPmRsg63t4Yc+0kcyq6OLz8s=",
"lastModified": 1694364351,
"narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa",
"rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
"type": "github"
},
"original": {
@ -856,11 +905,11 @@
"rofi-wayland": {
"flake": false,
"locked": {
"lastModified": 1690115482,
"narHash": "sha256-fUneGsSWpi8zYrTbF14e/fuf0vaXF8ckOo4OhL1tInM=",
"lastModified": 1695513431,
"narHash": "sha256-WG1EyBYTbDsK4RsPgp8K/PlscvRSNthQSyN3cqxuXcc=",
"owner": "lbonn",
"repo": "rofi",
"rev": "ff2338c38fbf6e7049563acf55f9055bcf882a4e",
"rev": "b8dedc8836b552a0bba5f4702be63dd8521c6fbb",
"type": "github"
},
"original": {
@ -876,18 +925,20 @@
"agenix": "agenix",
"arkenfox-userjs": "arkenfox-userjs",
"asus-touchpad-numpad-driver": "asus-touchpad-numpad-driver",
"disko": "disko",
"flake-utils": "flake-utils",
"hmts-nvim": "hmts-nvim",
"home-manager": "home-manager_2",
"hypr-contrib": "hypr-contrib",
"hyprland": "hyprland",
"hyprpaper": "hyprpaper",
"impermanence": "impermanence",
"master": "master",
"neovim-nightly-overlay": "neovim-nightly-overlay",
"nil": "nil",
"nix-lazy-nvim": "nix-lazy-nvim",
"nix-super": "nix-super",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nvim-treesitter": "nvim-treesitter",
"pre-commit-hooks": "pre-commit-hooks",
"rofi-wayland": "rofi-wayland",
@ -926,11 +977,11 @@
"smartcolumn-nvim": {
"flake": false,
"locked": {
"lastModified": 1693669522,
"narHash": "sha256-SfIbbrAFv/md9EgsJvO0RfDnc6oP5RYz8C5Icual1bU=",
"lastModified": 1694526430,
"narHash": "sha256-O9lPx4WVtiH8tCXVGtNHpcNDDIC+IdcZl8ielDD+rcY=",
"owner": "m4xshen",
"repo": "smartcolumn.nvim",
"rev": "d01b99355c7fab13233f48d0f28dc097e68a03f7",
"rev": "c6abf3917fcec487c7475e208ae37f5788af5b04",
"type": "github"
},
"original": {
@ -941,11 +992,11 @@
},
"stable": {
"locked": {
"lastModified": 1693771906,
"narHash": "sha256-32EnPCaVjOiEERZ+o/2Ir7JH9pkfwJZJ27SKHNvt4yk=",
"lastModified": 1695416179,
"narHash": "sha256-610o1+pwbSu+QuF3GE0NU5xQdTHM3t9wyYhB9l94Cd8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "da5adce0ffaff10f6d0fee72a02a5ed9d01b52fc",
"rev": "715d72e967ec1dd5ecc71290ee072bcaf5181ed6",
"type": "github"
},
"original": {
@ -1033,11 +1084,11 @@
"telekasten-nvim": {
"flake": false,
"locked": {
"lastModified": 1691743763,
"narHash": "sha256-zYBMUzanFtjnsUrwxjHLvhRODLj1uwGi18wMUWnrqRA=",
"lastModified": 1694166243,
"narHash": "sha256-DblFcMlXsiHJCFojjpcwqZdnRqGuk79yoNBJTR8p5S4=",
"owner": "renerocksai",
"repo": "telekasten.nvim",
"rev": "584783fdbdd13bb691a435f86ed10a3717fa9e9a",
"rev": "bd5d323581f24ee124b33688287e6a22244c6f2a",
"type": "github"
},
"original": {
@ -1049,11 +1100,11 @@
"telescope-nvim": {
"flake": false,
"locked": {
"lastModified": 1693850759,
"narHash": "sha256-309GezR93SVOD7/B8dDJIEidYziepc1s46CIRkhND1k=",
"lastModified": 1695500955,
"narHash": "sha256-Sy4cDVL9HdIj8/UkCnusxACuzA6PKQiuf5Otwtlf8HA=",
"owner": "nvim-telescope",
"repo": "telescope.nvim",
"rev": "20a37e43bb43c74c6091f9fea6551af0964ad45a",
"rev": "ed9574dd6dde143d009b2528ea6d79bd34bbe6c8",
"type": "github"
},
"original": {
@ -1065,7 +1116,7 @@
"timers": {
"inputs": {
"naersk": "naersk",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_9",
"utils": "utils"
},
"locked": {
@ -1104,18 +1155,18 @@
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1692976565,
"narHash": "sha256-eBKkG7tMxg92NskEn8dHRFY245JwjirWRoOZzW6DnUw=",
"lastModified": 1695277534,
"narHash": "sha256-LEIUGXvKR5DYFQUTavC3yifcObvG4XZUUHfxXmu8nEM=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "717ded9bb0191ea31bf4368be32e7a15fe1b8294",
"rev": "98a745d926d8048bc30aef11b421df207a01c279",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"rev": "717ded9bb0191ea31bf4368be32e7a15fe1b8294",
"rev": "98a745d926d8048bc30aef11b421df207a01c279",
"type": "gitlab"
}
},
@ -1135,11 +1186,11 @@
]
},
"locked": {
"lastModified": 1691841170,
"narHash": "sha256-RCTm1/MVWYPnReMgyp7tr2ogGYo/pvw38jZaFwemgPU=",
"lastModified": 1694628480,
"narHash": "sha256-Qg9hstRw0pvjGu5hStkr2UX1D73RYcQ9Ns/KnZMIm9w=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "57a3a41ba6b358109e4fc25c6a4706b5f7d93c6b",
"rev": "8f45a6435069b9e24ebd3160eda736d7a391cbf2",
"type": "github"
},
"original": {

View File

@ -32,6 +32,9 @@
rofi-wayland.url = "github:lbonn/rofi/wayland";
rofi-wayland.flake = false;
disko.url = "github:nix-community/disko";
impermanence.url = "github:nix-community/impermanence";
# Neovim
neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
@ -130,6 +133,8 @@
};
}
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.default
inputs.impermanence.nixosModules.impermanence
];
hosts = self.lib.my.mapModules

View File

@ -3,37 +3,35 @@
# and in the NixOS manual (accessible by running nixos-help).
{ pkgs
, inputs
, lib
, ...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko.nix
./impermanence.nix
];
my = {
virtualisation.libvirtd.enable = true;
yubikey.luksSupport.enable = false;
profiles = {
desktop.enable = true;
personal.enable = true;
webis.enable = true;
# webis.enable = true;
};
shell.aliases.zfs-diff = "sudo zfs diff zroot/encrypted/root@blank | parallel --pipe cut -f2 | parallel 'test -e /persist/{} || echo {}' | ${lib.getExe pkgs.tree} --fromfile .";
};
home-manager.users.moritz.home.packages = with pkgs; [
jetbrains.idea-ultimate
# jetbrains.idea-ultimate
];
# BOOT
boot = {
supportedFilesystems = [ "btrfs" ];
loader = {
grub = {
enable = true;
device = "nodev";
efiSupport = true;
};
efi.canTouchEfiVariables = true;
};
supportedFilesystems = [ "zfs" ];
loader.systemd-boot.enable = true;
};
# SERVICES

View File

@ -0,0 +1,94 @@
{ lib, ... }:
{
# needed for zfs pool
networking.hostId = "9c85d185";
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "64M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
rootFsOptions = {
compression = "zstd";
"com.sun:auto-snapshot" = "false";
};
mountpoint = null;
datasets = {
encrypted = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = "aes-256-gcm";
keyformat = "passphrase";
};
# use this to read the key during boot
postCreateHook = ''
zfs set keylocation="prompt" "zroot/$name";
'';
};
"encrypted/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs snapshot zroot/encrypted/root@blank";
};
"encrypted/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
};
"encrypted/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
options."com.sun:auto-snapshot" = "true";
};
};
};
};
};
# rollback to blank
boot.initrd.postDeviceCommands = lib.mkAfter ''
zfs rollback -r zroot/encrypted/root@blank
'';
fileSystems."/persist".neededForBoot = true;
# HACK: to fix issue of agenix running before impermanence
age.identityPaths = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
"/persist/etc/ssh/ssh_host_ed25519_key"
"/persist/etc/ssh/ssh_host_rsa_key"
];
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
autoSnapshot.enable = true;
};
}

View File

@ -10,45 +10,4 @@
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/078b81ba-238e-471d-9951-b743588532b8";
fileSystems."/log" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" ];
neededForBoot = true;
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/938D-F813";
fsType = "vfat";
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=persist" "compress=zstd" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
swapDevices = [{ device = "/dev/disk/by-uuid/29ebf65f-e6ca-4625-9f72-a9321152be1b"; }];
}

View File

@ -0,0 +1,70 @@
{ config, ... }:
{
age.secrets = {
root-password.file = ../../secrets/root-password.age;
moritz-password.file = ../../secrets/moritz-password.age;
};
users.users = {
root.hashedPasswordFile = config.age.secrets.root-password.path;
moritz.hashedPasswordFile = config.age.secrets.moritz-password.path;
};
users.mutableUsers = false;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/etc/NetworkManager/system-connections"
"/var/db/dhcpcd/"
"/var/lib/NetworkManager/"
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/log"
];
files = [
"/etc/machine-id"
"/etc/nix/id_rsa"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
users.moritz = {
directories = [
".SynologyDrive/data"
".SynologyDrive/log"
".cache/keepassxc"
".cache/nvim/luac"
".config/Nextcloud"
".config/keepassxc"
".local/share/direnv"
".local/share/zoxide"
".local/state/nvim"
".mozilla"
"Documents"
"Downloads"
"Music"
"Pictures"
"Videos"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".local/share/keyrings"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
];
files = [
".local/share/fish/fish_history"
".local/share/nix/trusted-settings.json"
".parallel/will-cite"
];
};
users.root = {
home = "/root";
directories = [
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
];
files = [
".local/share/nix/trusted-settings.json"
];
};
};
}

View File

@ -84,6 +84,9 @@ let
};
in
{
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoAqa2m7hIzZ2LS96Z+RCIlRvhBM/j7h27tMBCwMT+a" # Moritz
];
users.users.moritz = {
isNormalUser = true;
home = "/home/moritz";
@ -109,7 +112,7 @@ in
rj = "sudo journalctl";
};
aliases = {
ls = "exa -lh --icons --git";
ls = "${getExe pkgs.eza} -lh --icons --git";
cat = "bat";
rm = "rm -i";
mv = "mv -i";
@ -165,7 +168,6 @@ in
# utils
bat
cht-sh
exa
f
fd
gi

View File

@ -198,30 +198,17 @@ in
alsa.support32Bit = true;
pulse.enable = true;
};
greetd = {
xserver = {
enable = true;
settings =
let
hyprlandCommand = getExe' hyprland "Hyprland";
in
{
initial_session = {
command = hyprlandCommand;
user = "moritz";
};
default_session = {
command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--remember \
--power-shutdown 'systemctl poweroff' \
--power-reboot 'systemctl reboot' \
--cmd ${hyprlandCommand}
'';
};
displayManager = {
lightdm.enable = true;
autoLogin = {
enable = true;
user = "moritz";
};
defaultSession = "hyprland";
sessionPackages = [ hyprland ]; # can't set the defaultSession otherwise
};
};
};
security.rtkit.enable = true;

View File

@ -1,14 +1,8 @@
vim.g.mapleader = " "
vim.g.maplocalleader = ","
-- FIX to create spell dir if not existent
local spelldir = vim.fn.stdpath("config") .. "/spell"
if not vim.loop.fs_stat(spelldir) then
vim.fn.mkdir(spelldir, "p")
end
vim.opt.autoindent = true
vim.opt.backupdir = { vim.fn.stdpath("state") .. "/nvim/backup/" } -- don't store backup in files dir
vim.opt.backupdir = { vim.fn.stdpath("state") .. "/backup/" } -- don't store backup in files dir
vim.opt.clipboard = "unnamedplus" -- sync with system clipboard
vim.opt.conceallevel = 2
vim.opt.expandtab = true -- spaces instead of tabs

View File

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 wG6LYg LK0u1kmnMlRkk3s1nqpHREr0pbtQwc+Or9XFGSk5Syo
HLc3gWskZTeWfMPgR+EBn3R3ycn+7rWKgheZuP4o9Tg
-> ssh-ed25519 ZYd7Zg w8wh8buUNQcPdihFgWVyZfCg74x01YTSbnj8Sw5dhBQ
i8/rwKnUn2QIuTpLayg1+SzUnHbpOu7CdhAnO3u3/VU
-> ssh-ed25519 CjuqfA FPR6pGls0nRXB7lFUagHCcY39iuoSBab+T40aMuD8hQ
pyrcWA0Knw0iZf8CpfvmP5hsJf0Gba9LBKSQO1yGfbQ
-> CQVJ}-grease pf }&%
7Q
--- Mn5qor9GWHRU52zTv+kCqQljCZYsG1tO6ekZSH/p1yc
ÖÉôJžåODša¸õ0Cµ¼c´ <72>X *ú…F\uãÄAÎFOƒ<4F> ÔsKùt<»ù(œ5¢JÛMTD¶<S-iÇ1ã7Ó9™<39>ä[Çhqr>ÕÌv²Rãõµ?Mþe

BIN
secrets/root-password.age Normal file

Binary file not shown.

View File

@ -23,4 +23,6 @@ in
"wireguard-private-key.age".publicKeys = personal;
"webis.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ];
"webis-ssh.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ];
"root-password.age".publicKeys = hosts-personal ++ [ moritz ];
"moritz-password.age".publicKeys = hosts-personal ++ [ moritz ];
}